CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-4JC7-PP7P-F6PX
Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2024-10-04 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
dc_state_destruct() nulls the resource context of the DC state. The pipe context passed to dcn35_set_drr() is a member of this resource context.
If dc_state_destruct() is called parallel to the IRQ processing (which calls dcn35_set_drr() at some point), we can end up using already nulled function callback fields of struct stream_resource.
The logic in dcn35_set_drr() already tries to avoid this, by checking tg against NULL. But if the nulling happens exactly after the NULL check and before the next access, then we get a race.
Avoid this by copying tg first to a local variable, and then use this variable for all the operations. This should work, as long as nobody frees the resource pool where the timing generators live.
(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)
{
"affected": [],
"aliases": [
"CVE-2024-46850"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-27T13:15:16Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)",
"id": "GHSA-4jc7-pp7p-f6px",
"modified": "2024-10-04T15:31:12Z",
"published": "2024-09-27T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46850"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JG9-9XG2-CC8H
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.
{
"affected": [],
"aliases": [
"CVE-2022-42928"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "HIGH"
},
"details": "Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 102.4, Firefox ESR \u003c 102.4, and Firefox \u003c 106.",
"id": "GHSA-4jg9-9xg2-cc8h",
"modified": "2025-04-15T18:31:34Z",
"published": "2022-12-22T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42928"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1791520"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-44"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-45"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-46"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JHW-HRR3-2HPG
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-6078"
],
"database_specific": {
"cwe_ids": [
"CWE-252",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-24T21:15:00Z",
"severity": "MODERATE"
},
"details": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.",
"id": "GHSA-4jhw-hrr3-2hpg",
"modified": "2022-05-24T17:12:34Z",
"published": "2022-05-24T17:12:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6078"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JJ9-VVX8-4FX7
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-8006"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-20T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-4jj9-vvx8-4fx7",
"modified": "2022-05-24T16:54:11Z",
"published": "2022-05-24T16:54:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8006"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4JJW-9P2J-2V46
Vulnerability from github – Published: 2024-11-14 12:31 – Updated: 2024-11-14 12:31A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.
This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:
- 10.2.7-h12
- 10.2.8-h10
- 10.2.9-h9
- 10.2.9-h11
- 10.2.10-h2
- 10.2.10-h3
- 10.2.11
- 10.2.11-h1
- 10.2.11-h2
- 10.2.11-h3
- 11.1.2-h9
- 11.1.2-h12
- 11.1.3-h2
- 11.1.3-h4
- 11.1.3-h6
- 11.2.2
- 11.2.2-h1
{
"affected": [],
"aliases": [
"CVE-2024-9472"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-14T10:15:09Z",
"severity": "HIGH"
},
"details": "A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.\n\n\nPalo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.\n\n\nThis issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:\n\n * 10.2.7-h12\n * 10.2.8-h10\n * 10.2.9-h9\n * 10.2.9-h11\n * 10.2.10-h2\n * 10.2.10-h3\n * 10.2.11\n * 10.2.11-h1\n * 10.2.11-h2\n * 10.2.11-h3\n * 11.1.2-h9\n * 11.1.2-h12\n * 11.1.3-h2\n * 11.1.3-h4\n * 11.1.3-h6\n * 11.2.2\n * 11.2.2-h1",
"id": "GHSA-4jjw-9p2j-2v46",
"modified": "2024-11-14T12:31:02Z",
"published": "2024-11-14T12:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9472"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-9472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-4JM9-2WWX-QXGM
Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-14 00:02The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2021-40018"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "HIGH"
},
"details": "The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.",
"id": "GHSA-4jm9-2wwx-qxgm",
"modified": "2022-01-14T00:02:50Z",
"published": "2022-01-11T00:01:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40018"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4JP8-FM2M-Q8MC
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
{
"affected": [],
"aliases": [
"CVE-2021-31262"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-19T19:15:00Z",
"severity": "MODERATE"
},
"details": "The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.",
"id": "GHSA-4jp8-fm2m-q8mc",
"modified": "2022-05-24T17:47:51Z",
"published": "2022-05-24T17:47:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31262"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/1738"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4JQ3-QRX6-87CC
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2024-05-01 18:30Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.
{
"affected": [],
"aliases": [
"CVE-2021-31618"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-15T09:15:00Z",
"severity": "HIGH"
},
"details": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.",
"id": "GHSA-4jq3-qrx6-87cc",
"modified": "2024-05-01T18:30:35Z",
"published": "2022-05-24T19:05:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31618"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2021/q2/206"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210727-0008"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4937"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/13/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JR4-J3WJ-73CJ
Vulnerability from github – Published: 2022-05-14 03:15 – Updated: 2025-04-20 03:34The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
{
"affected": [],
"aliases": [
"CVE-2017-6850"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-15T14:59:00Z",
"severity": "MODERATE"
},
"details": "The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.",
"id": "GHSA-4jr4-j3wj-73cj",
"modified": "2025-04-20T03:34:09Z",
"published": "2022-05-14T03:15:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6850"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/issues/112"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3693-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JRW-92FG-4JWX
Vulnerability from github – Published: 2026-03-18 20:06 – Updated: 2026-03-20 21:20Impact
This is an Improper Null Check vulnerability leading to Denial of Service.
- Security Impact: A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the GetSupiFromSuciSupiMap function. This results in complete denial of service for the AUSF authentication service.
- Functional Impact: The GetSupiFromSuciSupiMap function attempts to perform an interface conversion from interface{} to *context.SuciSupiMap without checking if the underlying value is nil. When SuciSupiMap is nil, the code panics with "interface conversion: interface {} is nil, not context.SuciSupiMap".
- Affected Parties*: All deployments of free5GC v4.0.1 using the AUSF UE authentication service (/nausf-auth/v1/ue-authentications endpoint).
Patches
Yes, the issue has been patched.
The fix is implemented in PR free5gc/ausf#52 (commit: [add specific commit hash if available]).
Users should upgrade to the next release of free5GC that includes this commit.
Workarounds
There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the AUSF API to trusted sources only.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/ausf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33063"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-18T20:06:14Z",
"nvd_published_at": "2026-03-20T03:16:01Z",
"severity": "HIGH"
},
"details": "**Impact** \nThis is an Improper Null Check vulnerability leading to Denial of Service. \n- **Security Impact**: A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the `GetSupiFromSuciSupiMap` function. This results in complete denial of service for the AUSF authentication service. \n- **Functional Impact**: The `GetSupiFromSuciSupiMap` function attempts to perform an interface conversion from `interface{}` to `*context.SuciSupiMap` without checking if the underlying value is nil. When `SuciSupiMap` is nil, the code panics with \"interface conversion: interface {} is nil, not *context.SuciSupiMap\". \n- **Affected Parties**: All deployments of free5GC v4.0.1 using the AUSF UE authentication service (`/nausf-auth/v1/ue-authentications` endpoint).\n\n**Patches** \nYes, the issue has been patched. \nThe fix is implemented in PR free5gc/ausf#52 (commit: [add specific commit hash if available]). \nUsers should upgrade to the next release of free5GC that includes this commit.\n\n**Workarounds** \nThere is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the AUSF API to trusted sources only.",
"id": "GHSA-4jrw-92fg-4jwx",
"modified": "2026-03-20T21:20:57Z",
"published": "2026-03-18T20:06:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-4jrw-92fg-4jwx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33063"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/issues/778"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/ausf/pull/52"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/ausf/commit/3b9ac4403c2756dc89a5ed3cdcefe688458588aa"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/free5gc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.